CVE-2024-27255

Summary

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.

Affected Software

VendorProductVersion RangeStatus
IBMMQ Operator2.0.0 LTS <= 2.0.18 LTSaffected
IBMMQ Operator2.4.0 <= 2.4.7affected
IBMMQ Operator2.3.0 <= 2.3.3affected
IBMMQ Operator2.2.0 <= 2.2.2affected
IBMMQ Operator3.0.0 CD <= 3.0.1 CDaffected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References